{
  $schema: "https://docs.renovatebot.com/renovate-schema.json",
  dependencyDashboard: true,
  suppressNotifications: ["prEditedNotification"],
  extends: ["config:recommended"],
  labels: ["internal"],
  schedule: ["before 4am on Monday"],
  semanticCommits: "disabled",
  separateMajorMinor: false,
  prHourlyLimit: 10,
  enabledManagers: ["github-actions", "pre-commit", "cargo"],
  cargo: {
    // See https://docs.renovatebot.com/configuration-options/#rangestrategy
    rangeStrategy: "update-lockfile",
    fileMatch: ["^crates/.*Cargo\\.toml$"],
  },
  "pre-commit": {
    enabled: true,
  },
  packageRules: [
    {
      // Disable updates of `zip-rs`; intentionally pinned for now due to ownership change
      // See: https://github.com/astral-sh/uv/issues/3642
      matchPackagePatterns: ["zip"],
      matchManagers: ["cargo"],
      enabled: false,
    },
    {
      // Group upload/download artifact updates, the versions are dependent
      groupName: "Artifact GitHub Actions dependencies",
      matchManagers: ["github-actions"],
      matchDatasources: ["gitea-tags", "github-tags"],
      matchPackagePatterns: ["actions/.*-artifact"],
      description: "Weekly update of artifact-related GitHub Actions dependencies",
    },
    {
      // This package rule disables updates for GitHub runners:
      // we'd only pin them to a specific version
      // if there was a deliberate reason to do so
      groupName: "GitHub runners",
      matchManagers: ["github-actions"],
      matchDatasources: ["github-runners"],
      description: "Disable PRs updating GitHub runners (e.g. 'runs-on: macos-14')",
      enabled: false,
    },
    {
      groupName: "pre-commit dependencies",
      matchManagers: ["pre-commit"],
      description: "Weekly update of pre-commit dependencies",
    },
    {
      groupName: "Rust dev-dependencies",
      matchManagers: ["cargo"],
      matchDepTypes: ["devDependencies"],
      description: "Weekly update of Rust development dependencies",
    },
    {
      // We don't really use PyO3 in this project; it's pulled in as an optional feature
      // of the PEP 440 and PEP 508 crates, which we vendored and forked.
      groupName: "pyo3",
      matchManagers: ["cargo"],
      matchPackagePatterns: ["pyo3"],
      description: "Weekly update of pyo3 dependencies",
      enabled: false,
    },
  ],
  vulnerabilityAlerts: {
    commitMessageSuffix: "",
    labels: ["internal", "security"],
  },
}